Researchers have discovered another piece of espionage malware targeting sensitive organizations in the Middle East, this time siphoning e-mails, passwords, computer files, and nearby conversations from more than 800 PCs operated by critical infrastructure companies, financial institutions, and government agencies.

Researchers from Kaspersky Lab and Seculert have dubbed the malware Madi or Mahdi, which in Islam is roughly analogous to Messiah. The name is based on several strings and handles used by the attackers. While its discovery immediately evoked comparisons to the Flame malware used to disrupt Iran's nuclear program, separate analyses released on Tuesday by both companies cataloged significant differences between the two campaigns. Madi, for instance, wielded no zero-day vulnerabilities, contained amateur coding practices, and relied on the gullibility of its victims. Flame, by contrast, boasted world-class cryptographic breakthroughs and other hallmarks that could have come only from state-sponsored developers.

"While we couldn't find a direct connection between the campaigns, the targeted victims of Mahdi include critical infrastructure companies, financial services and government embassies, which are all located in Iran, Israel and several other Middle Eastern Countries," the analysis from Seculert stated. "It is still unclear whether this is a state-sponsored attack or not."

The campaign dates back at least to December and originates in e-mails that contain an array of news articles, videos, and religious-themed images depicting the wilderness or tropical settings. To mask the maliciousness of some of the payloads, the attackers used a technique known as "Right to Left Override" to name some files. By manipulating the Unicode or UTF-8 text of the filenames, they were able to make executable code appear as simple image files with titles such as "picturcs.jpg" that were displayed with a common ".jpg" icon. Some of the attached material invites the reader to click on video files. Those who fell for the social-engineering ploy were then infected with malware.
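An added example (not from the original article or from the Kaspersky or Seculert analyses): a Python triage check for the "Right to Left Override" naming trick described above, comparing the extension the operating system acts on with the name a user is shown. The sample filenames are constructed, and the `.scr` extension and the executable watch-list are assumptions, since the article does not state the real extension of the Madi files.

```python
import unicodedata

# Invisible bidi formatting characters that change display order.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI, RLI, FSI, PDI
    "\u200e", "\u200f",                                # LRM, RLM
}
# Assumed watch-list of extensions Windows will execute; tune per environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk"}

def _ext(name):
    return name.rsplit(".", 1)[1].lower() if "." in name else ""

def _strip(name):
    return "".join(c for c in name if c not in BIDI_CONTROLS)

def real_extension(name):
    """Extension taken from the stored (logical) character order."""
    return _ext(_strip(name))

def approx_display(name):
    """Rough rendering for one RLO: text after U+202E is shown reversed.
    A simplification of the Unicode bidi algorithm, adequate for triage."""
    head, sep, tail = name.partition("\u202e")
    if not sep:
        return _strip(name)
    overridden, _, rest = tail.partition("\u202c")  # PDF ends the override
    return _strip(head + overridden[::-1] + rest)

def inspect(name):
    controls = [unicodedata.name(c) for c in name if c in BIDI_CONTROLS]
    real, shown = real_extension(name), approx_display(name)
    # Flag only when a control is present AND it hides an executable or
    # changes the visible extension; a lone RLM in an Arabic name is not flagged.
    suspicious = bool(controls) and (real in EXECUTABLE_EXTS or real != _ext(shown))
    return {"controls": controls, "real_ext": real,
            "shown_as": shown, "suspicious": suspicious}

# Constructed sample names (not taken from the campaign).
SAMPLES = [
    "pictu\u202egpj.scr",   # displays roughly as "picturcs.jpg"
    "holiday.jpg",          # plain image name
    "report\u200f.pdf",     # benign right-to-left mark, extension unchanged
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), inspect(sample))
```

The same check can run at a mail gateway or over an attachment quarantine directory; names that contain an override character and resolve to an executable extension warrant blocking or manual review.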

Madi has the ability to log keystrokes, capture screenshots, and siphon any messages sent to or from a variety of widely used services including Gmail, Hotmail, Yahoo! Mail, Skype, or ICQ. It can also record audio that's in the vicinity of an infected machine and save it for upload. One version examined by Seculert communicated with a server located in Canada. The researchers said an earlier variant connected to the same domain name, but the server was located in Tehran, Iran.

In all, they identified more than 800 victims who communicated with four different command and control servers over an eight-month period. Some of the communications between the malware and command-and-control servers use the Farsi language, and some of the dates contained in the malware are written in the format of the Persian calendar. Almost half of the infections—387 to be exact—hit Iran. Israel, Afghanistan, the United Arab Emirates, and Saudi Arabia were also targeted with 54, 14, six, and four infections respectively. Seculert researchers said they've been tracking Madi for "several months." The espionage campaign is ongoing.

In the wake of Flame, and the related malware known as Duqu and Stuxnet, the disclosure of yet another piece of malware targeting critical systems in Iran and other Middle Eastern countries is sure to spark widespread intrigue. The lack of any conclusive evidence showing who's behind it is sure to generate more curiosity in the coming weeks and months.

81 Reader Comments

Another week, another cyber-attack on Iran. I'm surprised they haven't flipped out yet and done something stupid, like declaring war on the Internet (as in attacking the Internet itself, not using the Internet to declare war).

hehehe, don't paint the devil on the wall, or some jihad'ists' are going to blow up some major, global net-nodes (i.e. MAE west & MAE east in the U.S.)

"Mahdi" isn't synonymous with "Messiah", but rather he is prophesized as a leader who reluctantly restores the Caliphate, a worldwide Islamic leader nearly akin to the Pope, after a period of time where there is no Caliphate. The Mahdi's appearance precludes the appearance of the Anti-Christ in Israel, who will be too much for the Caliphate to handle, which then triggers the appearance of Jesus, who becomes the new Caliphate and establishes the Kingdom of God on Earth. All this, according to Islamic beliefs.

In Islam Ahmadiyya, the terms "Messiah" and "Mahdi" are synonymous terms for one and the same person. Like the term Messiah which, among other meanings, in essence means being anointed by God or appointed by God, the term "Mahdi" means guided by God, thus both imply a direct ordainment and a spiritual nurturing by God of a divinely chosen individual.

The US sure has deep pockets and infinite credit if it launches another trillion dollar adventure.

Iran would've had a nuke in 08. The U.S., Britain, Israel, among many others helped prevent that. Assassinated nuclear scientists in recent years helped extend it out even more. MI6 claims Iran will be in a position to produce nuclear weapons within 2 years, 2014.

Can we allow them to bring themselves to such a position? That's the real question. We're talking nuclear weapons. Let's get past the 2000's mentality that going into Iraq/Afghanistan was such a horrible idea.

I'm waiting for a virus that draws cartoon caricatures of Mohammed on screens throughout the Middle East, and then everyone destroys their computers.

This would definitely start World War 3. I mean, it's the trigger that will make them blame and attack Israel. But this time, US islamic allies won't be able to sit idle and pretend they are neutral...

And with Israel and the US occupied fighting in Middle East, N. Korea will attack S. Korea and Japan, making the US divide its forces enough that China can invade and retake Taiwan.

The US sure has deep pockets and infinite credit if it launches another trillion dollar adventure.

Iran would've had a nuke in 08. The U.S., Britain, Israel, among many others helped prevent that. Assassinated nuclear scientists in recent years helped extend it out even more. MI6 claims Iran will be in a position to produce nuclear weapons within 2 years, 2014.

Can we allow them to bring themselves to such a position? That's the real question. We're talking nuclear weapons. Let's get past the 2000's mentality that going into Iraq/Afghanistan was such a horrible idea.

If it's hard to think of positive outcomes of what happened with going into Iraq/Afghanistan, maybe you should try thinking a little harder.

We're where we are at. We can't learn from our past mistakes if all we do is think everything was done horribly wrong.

Edit: We've been sanctioning Iran for the past 16 years. I don't see how the far-left has been trying to say this for the past 9. Everyone who can open their eyes has been seeing it go this direction for 16 years. Did that have at least a SMALL part to do with going into Iraq/Afghanistan? In the scope of country-size planning and military intervention, I'd like to think we've been trying to think as far ahead as possible.

"Mahdi" isn't synonymous with "Messiah", but rather he is prophesized as a leader who reluctantly restores the Caliphate, a worldwide Islamic leader nearly akin to the Pope, after a period of time where there is no Caliphate. The Mahdi's appearance precludes the appearance of the Anti-Christ in Israel, who will be too much for the Caliphate to handle, which then triggers the appearance of Jesus, who becomes the new Caliphate and establishes the Kingdom of God on Earth. All this, according to Islamic beliefs.

Israel's like less than a century old, why would ancient Islamic prophecies be referring to it?

Israel as the sovereign country that we all know, yes, but it was originally founded around the 11th century B.C.

I'm waiting for a virus that draws cartoon caricatures of Mohammed on screens throughout the Middle East, and then everyone destroys their computers.

This would definitely start World War 3. I mean, it's the trigger that will make them blame and attack Israel. But this time, US islamic allies won't be able to sit idle and pretend they are neutral...

No, no, no. It would leave a convincing trail pointing to the *true* culprits: Those secular 'Scientists' and 'Technicians' working in Iranian Uranium processing facilities. Seeing them stoned by fundamentalists would just drip with irony.

The US sure has deep pockets and infinite credit if it launches another trillion dollar adventure.

Iran would've had a nuke in 08. The U.S., Britain, Israel, among many others helped prevent that. Assassinated nuclear scientists in recent years helped extend it out even more. MI6 claims Iran will be in a position to produce nuclear weapons within 2 years, 2014.

Can we allow them to bring themselves to such a position? That's the real question. We're talking nuclear weapons. Let's get past the 2000's mentality that going into Iraq/Afghanistan was such a horrible idea.

Pakistan also has nukes, are known terrorist supporters and it's even more likely for them to have their warheads fall in the wrong hands than of Iran managing a decent platform to deliver theirs. When are we going to invade them?

In Islam Ahmadiyya, the terms "Messiah" and "Mahdi" are synonymous terms for one and the same person. Like the term Messiah which, among other meanings, in essence means being anointed by God or appointed by God, the term "Mahdi" means guided by God, thus both imply a direct ordainment and a spiritual nurturing by God of a divinely chosen individual.

Don't worry, it will be funnier when the successor virus: "Muad'Dib" gets discovered.

The US sure has deep pockets and infinite credit if it launches another trillion dollar adventure.

Iran would've had a nuke in 08. The U.S., Britain, Israel, among many others helped prevent that. Assassinated nuclear scientists in recent years helped extend it out even more. MI6 claims Iran will be in a position to produce nuclear weapons within 2 years, 2014.

Can we allow them to bring themselves to such a position? That's the real question. We're talking nuclear weapons. Let's get past the 2000's mentality that going into Iraq/Afghanistan was such a horrible idea.

Pakistan also has nukes, are known terrorist supporters and it's even more likely for them to have their warheads fall in the wrong hands than of Iran managing a decent platform to deliver theirs. When are we going to invade them?

Oh yes, they are "allies".

Pakistan has an interesting history with India and the Kashmir region. Yes, they have nukes. As does India. Knowing how they got them, why they did, and what we did during that time and our intentions, along with India and their people, may open your eyes instead of thinking it's smart to compare apples and oranges.

So we allow another unstable country to obtain a weapon like this? Please stop the naivete. We very well may go into Pakistan at some point in the future. We may very well go into any country which we deem a threat to first American security and secondly to Global security. After 1945, the U.S. became the leader of the world. It was Britain before WWI. No one stepped up to the plate after the war which helped spawn WWII. We stepped up. I suggest y'all step it up.

I'm waiting for a virus that draws cartoon caricatures of Mohammed on screens throughout the Middle East, and then everyone destroys their computers.

This would definitely start World War 3. I mean, it's the trigger that will make them blame and attack Israel. But this time, US islamic allies won't be able to sit idle and pretend they are neutral...

And with Israel and the US occupied fighting in Middle East, N. Korea will attack S. Korea and Japan, making the US divide its forces enough that China can invade and retake Taiwan.

And China will invade Alaska, the US will annex Canada, and the European commonwealth will dissolve into quarreling, bickering nation-states bent on controlling the last remaining resources on Earth.

Man is that bleak, I sure hope the world isn't going the way you envision.

The US sure has deep pockets and infinite credit if it launches another trillion dollar adventure.

Iran would've had a nuke in 08. The U.S., Britain, Israel, among many others helped prevent that. Assassinated nuclear scientists in recent years helped extend it out even more. MI6 claims Iran will be in a position to produce nuclear weapons within 2 years, 2014.

Pure conjecture.

klever_guyy wrote:

Can we allow them to bring themselves to such a position? That's the real question. We're talking nuclear weapons. Let's get past the 2000's mentality that going into Iraq/Afghanistan was such a horrible idea.

FWIW, I was referring to the idea of an invasion - and subsequent occupation/stabilization/democratization of whatever's left - and not to the general principle of a Persian nuke aimed at Israël.

The question of the US being able to afford the invasion adventure stands. It obviously leads to "can we afford not to?" and corollary considerations such as world peace and occidental military supremacy (sarcasm) but there is a price tag that cannot be ignored or readily dismissed.

"Mahdi" isn't synonymous with "Messiah", but rather he is prophesized as a leader who reluctantly restores the Caliphate, a worldwide Islamic leader nearly akin to the Pope, after a period of time where there is no Caliphate. The Mahdi's appearance precludes the appearance of the Anti-Christ in Israel, who will be too much for the Caliphate to handle, which then triggers the appearance of Jesus, who becomes the new Caliphate and establishes the Kingdom of God on Earth. All this, according to Islamic beliefs.

So... lol... I wonder if this means the next piece of malware to be found will be called "mabus", quickly followed by "joshua" LMAO. At that point it will be Dec 12 2012 and the new age will dawn, lololololol

We're where we are at. We can't learn from our past mistakes if all we do is think everything was done horribly wrong.

Ummm, why not? I don't see any logic at all in your statement there. If things in the past were done horribly wrong, then to learn from them is not to ignore that they were done horribly horribly wrong but to acknowledge such and do things differently. What does sugar coating and ignoring the reality of the past do to help us learn from those mistakes?
